CVE-2021-4203 — MEDIUM (6.8)

Q: How severe is CVE-2021-4203?

CVE-2021-4203 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-4203?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Unified Manager, Netapp E-Series Santricity Os Controller, Netapp Element Software, Netapp Hci Management Node.

Vulnerability Description

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.15
Netapp	Active Iq Unified Manager	-
Netapp	E-Series Santricity Os Controller	>= 11.0.0, <= 11.70.2
Netapp	Element Software	-
Netapp	Hci Management Node	-
Netapp	Solidfire	-
Netapp	Bootstrap Os	-
Netapp	Hci Compute Node	-
Netapp	A700S Firmware	-
Netapp	A700S	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-

Related Weaknesses (CWE)

CWE-362 CWE-416

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-ExploitIssue TrackingPatch
https://bugzilla.redhat.com/show_bug.cgi?id=2036934Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306ePatchVendor Advisory
https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com
https://security.netapp.com/advisory/ntap-20221111-0003/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-ExploitIssue TrackingPatch
https://bugzilla.redhat.com/show_bug.cgi?id=2036934Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306ePatchVendor Advisory
https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com
https://security.netapp.com/advisory/ntap-20221111-0003/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2021-4203?

CVE-2021-4203 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...

How severe is CVE-2021-4203?

CVE-2021-4203 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-4203?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Unified Manager, Netapp E-Series Santricity Os Controller, Netapp Element Software, Netapp Hci Management Node.